Analysis Overview
SHA256
81866eb069ec59cdd5f41ddced9fab388962045ab1d67b2532985ff137da839c
Threat Level: Known bad
The file stealer-campaigns.zip was found to be: Known bad.
Malicious Activity Summary
Stealc
Vidar
Detect Vidar Stealer
Downloads MZ/PE file
Stops running service(s)
Sets file execution options in registry
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Launches sc.exe
Drops file in Windows directory
Unsigned PE
Runs ping.exe
Delays execution with timeout.exe
Modifies registry key
Enumerates system info in registry
Modifies data under HKEY_USERS
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Runs net.exe
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Creates scheduled task(s)
Views/modifies file attributes
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 18:12
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 18:12
Reported
2024-06-14 18:48
Platform
win11-20240611-en
Max time kernel
2099s
Max time network
2101s
Command Line
Signatures
Detect Vidar Stealer
Stealc
Vidar
Downloads MZ/PE file
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\VerifierDlls = "SppExtComObjHook.dll" | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\GlobalFlag = "256" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\KMS_HWID = "4187226795851251830" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\GlobalFlag = "256" | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\KMS_ActivationInterval = "43200" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\KMS_Emulation = "1" | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\KMS_ActivationInterval = "43200" | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\VerifierFlags = "2147483648" | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\KMS_HWID = "4187226795851251830" | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\VerifierDebug = "0" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\KMS_RenewalInterval = "43200" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\VerifierDlls = "SppExtComObjHook.dll" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\KMS_Emulation = "1" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\KMS_RenewalInterval = "43200" | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\VerifierFlags = "2147483648" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | C:\Windows\System32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe\VerifierDebug = "0" | C:\Windows\System32\reg.exe | N/A |
Stops running service(s)
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\sihost.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6148 set thread context of 5288 | N/A | C:\Users\Admin\Desktop\soft2.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 4812 set thread context of 3488 | N/A | C:\Users\Admin\Desktop\soft2.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663 | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628624676350991" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663\85dd8b5f-eaa4-4af3-a628-cce9e77c9a03 | C:\Windows\System32\reg.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2394516847-3409208829-2230326962-1000\{13675797-9F9C-40DC-8517-0123DE9F2C64} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry key
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\stealer-campaigns.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffff08aab58,0x7ffff08aab68,0x7ffff08aab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x250,0x260,0x7ff65255ae48,0x7ff65255ae58,0x7ff65255ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4760 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4608 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4276 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4844 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xec,0x10c,0x7fffdc083cb8,0x7fffdc083cc8,0x7fffdc083cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,18178709446558993017,5645652942538206245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.0.1085018239\455363996" -parentBuildID 20230214051806 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {489c82da-caff-4b80-9991-7db36a6703ea} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 1840 1cdaee0f058 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.1.1896105155\1296033263" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eb3b9f3-d675-4556-a157-720d8e5de04d} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 2420 1cda2189358 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.2.1358114765\709816501" -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2944 -prefsLen 22213 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e24b764b-c0ce-48c6-8064-c22c5c214412} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 2988 1cdb18f2558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.3.858142191\1351506702" -childID 2 -isForBrowser -prefsHandle 916 -prefMapHandle 2700 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7311fa-d504-449e-a772-354a07e73a32} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 3616 1cdb4740658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.4.613661855\65084006" -childID 3 -isForBrowser -prefsHandle 5124 -prefMapHandle 5168 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0421cb3-33a4-4b86-b889-67d89edecc47} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 5196 1cdb5a94558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.5.1166433712\1182190076" -childID 4 -isForBrowser -prefsHandle 5320 -prefMapHandle 5328 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cb4a02e-faab-4da1-a5a1-a5fc60e43276} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 5424 1cdb62f0058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.6.646264134\546299499" -childID 5 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f8ca9ef-a6a6-4ce3-84e8-02073efc6648} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 5300 1cdb62ee858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.7.2036155388\863856721" -childID 6 -isForBrowser -prefsHandle 5836 -prefMapHandle 5060 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80580f6d-faa9-4b1d-b593-234a6e21b7b0} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 6036 1cdb8d58758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.8.249241603\1846891686" -childID 7 -isForBrowser -prefsHandle 6080 -prefMapHandle 6084 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad96f9fa-877e-4e72-bbf3-6b89690c7e13} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 6068 1cdb8d58d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.9.2082792437\915362442" -parentBuildID 20230214051806 -prefsHandle 4320 -prefMapHandle 4360 -prefsLen 27695 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de9aff69-a098-4fe8-80a4-2c9931b56d63} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 6012 1cda2184a58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2568.10.409578893\1958998449" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 3800 -prefMapHandle 3812 -prefsLen 27695 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d460e5-95f9-4956-8ddf-587e904eb379} 2568 "\\.\pipe\gecko-crash-server-pipe.2568" 6308 1cda2183b58 utility
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1820,i,2837311264235589248,3295173532166950606,131072 /prefetch:2
C:\Users\Admin\Desktop\appst.exe
"C:\Users\Admin\Desktop\appst.exe"
C:\Users\Admin\Desktop\clips.exe
"C:\Users\Admin\Desktop\clips.exe"
C:\Users\Admin\Desktop\soft2.exe
"C:\Users\Admin\Desktop\soft2.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +H +S C:\Users\Admin\AppData\Roaming\sihost.exe
C:\Windows\SysWOW64\attrib.exe
attrib +H C:\Users\Admin\AppData\Roaming\sihost.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /f /CREATE /TN "sihost.exe" /TR "C:\Users\Admin\AppData\Roaming\sihost.exe" /SC MINUTE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell ping 127.0.0.1; del clips.exe
C:\Windows\SysWOW64\PING.EXE
"C:\Windows\system32\PING.EXE" 127.0.0.1
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c 5488134.cmd
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\WinMgmt /v Start
C:\Windows\System32\find.exe
find /i "0x4"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get CreationClassName /value
C:\Windows\System32\find.exe
find /i "ComputerSystem"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -nop -c $ExecutionContext.SessionState.LanguageMode
C:\Windows\System32\find.exe
find /i "Full"
C:\Windows\System32\reg.exe
reg query HKU\S-1-5-19
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
C:\Windows\System32\reg.exe
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v UBR 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v UBR
C:\Windows\System32\reg.exe
reg query "HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir /b /ad C:\Windows\System32\spp\tokens\skus
C:\Windows\System32\sc.exe
sc query osppsvc
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext /v MigrationToV5Done
C:\Windows\System32\find.exe
find /i "0x1"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext /v MigrationToV6Done
C:\Windows\System32\find.exe
find /i "0x1"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r ".*retail"
C:\Windows\System32\findstr.exe
findstr /i /v "project visio"
C:\Windows\System32\find.exe
find /i "0x2"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r ".*retail"
C:\Windows\System32\findstr.exe
findstr /i /v "project visio"
C:\Windows\System32\find.exe
find /i "0x3"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r ".*volume"
C:\Windows\System32\findstr.exe
findstr /i /v "project visio"
C:\Windows\System32\find.exe
find /i "0x2"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r ".*volume"
C:\Windows\System32\findstr.exe
findstr /i /v "project visio"
C:\Windows\System32\find.exe
find /i "0x3"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r "project.*"
C:\Windows\System32\find.exe
find /i "0x2"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r "project.*"
C:\Windows\System32\find.exe
find /i "0x3"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r "visio.*"
C:\Windows\System32\find.exe
find /i "0x2"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r "visio.*"
C:\Windows\System32\find.exe
find /i "0x3"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -nop -c "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=300;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v NoGenTicket /t REG_DWORD /d 1 /f
C:\Windows\System32\sc.exe
sc query sppsvc
C:\Windows\System32\find.exe
find /i "STOPPED"
C:\Windows\System32\net.exe
net stop sppsvc /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop sppsvc /y
C:\Windows\System32\sc.exe
sc query sppsvc
C:\Windows\System32\find.exe
find /i "STOPPED"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="C:\Windows\System32\SppExtComObjHook.dll" Force=True
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v Debugger
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v VerifierDlls /t REG_SZ /d "SppExtComObjHook.dll"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v VerifierDebug /t REG_DWORD /d 0x00000000
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v VerifierFlags /t REG_DWORD /d 0x80000000
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v GlobalFlag /t REG_DWORD /d 0x00000100
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v KMS_Emulation /t REG_DWORD /d 1
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v KMS_ActivationInterval /t REG_DWORD /d 43200
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v KMS_RenewalInterval /t REG_DWORD /d 43200
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v KMS_HWID /t REG_QWORD /d "0x3A1C049600B60076"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" /f "Microsoft-Windows-*Edition~31bf3856ad364e35" /k 2>nul | FIND /I "CurrentVersion"
C:\Windows\System32\reg.exe
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" /f "Microsoft-Windows-*Edition~31bf3856ad364e35" /k
C:\Windows\System32\find.exe
FIND /I "CurrentVersion"
C:\Windows\System32\reg.exe
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-ProfessionalEdition~31bf3856ad364e35~amd64~~10.0.22000.318" /v "CurrentState"
C:\Windows\System32\find.exe
FIND /I "0x70"
C:\Windows\System32\reg.exe
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-ProfessionalEdition~31bf3856ad364e35~amd64~~10.0.22000.493" /v "CurrentState"
C:\Windows\System32\find.exe
FIND /I "0x70"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ECHO Microsoft-Windows-ProfessionalEdition~31bf3856ad364e35~amd64~~10.0.22000.493
C:\Windows\System32\net.exe
net start sppsvc /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start sppsvc /y
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath "C:\Windows\System32\SppExtComObjHook.dll" Force True
C:\Windows\System32\Wbem\WMIC.exe
WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath "C:\Windows\System32\SppExtComObjHook.dll" Force True
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServicePort /t REG_SZ /d "1688"
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v DisableDnsPublishing
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v DisableKeyManagementServiceHostCaching
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f" /f
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2" /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServicePort /t REG_SZ /d "1688" /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2" /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServicePort /t REG_SZ /d "1688" /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServicePort /t REG_SZ /d "1688"
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f" /f
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath "C:\Windows\System32\SppExtComObjHook.dll" Force True 2>nul
C:\Windows\System32\Wbem\WMIC.exe
WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath "C:\Windows\System32\SppExtComObjHook.dll" Force True
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionId
C:\Windows\System32\reg.exe
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionId
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun /v InstallPath
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\14.0\CVH /f Click2run /k
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\14.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\14.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\findstr.exe
findstr /I /C:"MondoVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProPlusVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectProVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioProVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"StandardVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStdVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStdVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"AccessVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusinessVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OneNoteVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ExcelVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OutlookVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPointVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PublisherVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"WordVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectProXVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStdXVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioProXVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStdXVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"MondoRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProPlusRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectProRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioProRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"StandardRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStdRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStdRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"AccessRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusinessRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OneNoteRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ExcelRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OutlookRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPointRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PublisherRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"WordRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProfessionalRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeBusinessRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeStudentRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365BusinessRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365SmallBusPremRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365HomePremRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365EduCloudRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\findstr.exe
findstr 2019
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\findstr.exe
findstr 2021
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\findstr.exe
findstr 2024
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "Description like '%KMSCLIENT%'" get Name /value
C:\Windows\System32\findstr.exe
findstr /i Windows
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f" /f
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f" /f
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and Description like '%KMSCLIENT%' and PartialProductKey is not NULL" get Name /value
C:\Windows\System32\findstr.exe
findstr /i Windows
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and Description like '%KMSCLIENT%' and PartialProductKey is not NULL" get GracePeriodRemaining /value 2>nul
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and Description like '%KMSCLIENT%' and PartialProductKey is not NULL" get GracePeriodRemaining /value
C:\Users\Admin\AppData\Roaming\sihost.exe
C:\Users\Admin\AppData\Roaming\sihost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path SoftwareLicensingService get Version /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingService get Version /value
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServicePort /t REG_SZ /d "1688"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2" /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServicePort /t REG_SZ /d "1688" /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2" /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServicePort /t REG_SZ /d "1688" /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServicePort /t REG_SZ /d "1688"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and Description like '%KMSCLIENT%' " get ID /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and Description like '%KMSCLIENT%' " get ID /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ID='2de67392-b7a7-462a-b1ca-108dd189f588'" get LicenseStatus /value
C:\Windows\System32\findstr.exe
findstr "1"
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "PartialProductKey is not NULL" get ID /value
C:\Windows\System32\findstr.exe
findstr /i "2de67392-b7a7-462a-b1ca-108dd189f588"
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f\2de67392-b7a7-462a-b1ca-108dd189f588" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path SoftwareLicensingProduct where "ID='2de67392-b7a7-462a-b1ca-108dd189f588'" get Name /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ID='2de67392-b7a7-462a-b1ca-108dd189f588'" get Name /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where ID='2de67392-b7a7-462a-b1ca-108dd189f588' call Activate
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E4
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KFIJJEGHDAEB" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c 5928445.cmd
C:\Windows\System32\reg.exe
reg query HKLM\SYSTEM\CurrentControlSet\Services\WinMgmt /v Start
C:\Windows\System32\find.exe
find /i "0x4"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get CreationClassName /value
C:\Windows\System32\find.exe
find /i "ComputerSystem"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -nop -c $ExecutionContext.SessionState.LanguageMode
C:\Windows\System32\find.exe
find /i "Full"
C:\Windows\System32\reg.exe
reg query HKU\S-1-5-19
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
C:\Windows\System32\reg.exe
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v UBR 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v UBR
C:\Windows\System32\reg.exe
reg query "HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c dir /b /ad C:\Windows\System32\spp\tokens\skus
C:\Windows\System32\sc.exe
sc query osppsvc
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext /v MigrationToV5Done
C:\Windows\System32\find.exe
find /i "0x1"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext /v MigrationToV6Done
C:\Windows\System32\find.exe
find /i "0x1"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r ".*retail"
C:\Windows\System32\findstr.exe
findstr /i /v "project visio"
C:\Windows\System32\find.exe
find /i "0x2"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r ".*retail"
C:\Windows\System32\findstr.exe
findstr /i /v "project visio"
C:\Windows\System32\find.exe
find /i "0x3"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r ".*volume"
C:\Windows\System32\findstr.exe
findstr /i /v "project visio"
C:\Windows\System32\find.exe
find /i "0x2"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r ".*volume"
C:\Windows\System32\findstr.exe
findstr /i /v "project visio"
C:\Windows\System32\find.exe
find /i "0x3"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r "project.*"
C:\Windows\System32\find.exe
find /i "0x2"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r "project.*"
C:\Windows\System32\find.exe
find /i "0x3"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r "visio.*"
C:\Windows\System32\find.exe
find /i "0x2"
C:\Windows\System32\reg.exe
reg query HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Licensing\LicensingNext
C:\Windows\System32\findstr.exe
findstr /i /r "visio.*"
C:\Windows\System32\find.exe
find /i "0x3"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -nop -c "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=31;$B.Height=300;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v NoGenTicket /t REG_DWORD /d 1 /f
C:\Windows\System32\sc.exe
sc query sppsvc
C:\Windows\System32\find.exe
find /i "STOPPED"
C:\Windows\System32\net.exe
net stop sppsvc /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop sppsvc /y
C:\Windows\System32\sc.exe
sc query sppsvc
C:\Windows\System32\find.exe
find /i "STOPPED"
C:\Windows\System32\sc.exe
sc stop sppsvc
C:\Windows\System32\Wbem\WMIC.exe
WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="C:\Windows\System32\SppExtComObjHook.dll" Force=True
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v Debugger
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v VerifierDlls /t REG_SZ /d "SppExtComObjHook.dll"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v VerifierDebug /t REG_DWORD /d 0x00000000
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v VerifierFlags /t REG_DWORD /d 0x80000000
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v GlobalFlag /t REG_DWORD /d 0x00000100
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v KMS_Emulation /t REG_DWORD /d 1
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v KMS_ActivationInterval /t REG_DWORD /d 43200
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v KMS_RenewalInterval /t REG_DWORD /d 43200
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe" /f /v KMS_HWID /t REG_QWORD /d "0x3A1C049600B60076"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" /f "Microsoft-Windows-*Edition~31bf3856ad364e35" /k 2>nul | FIND /I "CurrentVersion"
C:\Windows\System32\reg.exe
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" /f "Microsoft-Windows-*Edition~31bf3856ad364e35" /k
C:\Windows\System32\find.exe
FIND /I "CurrentVersion"
C:\Windows\System32\reg.exe
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-ProfessionalEdition~31bf3856ad364e35~amd64~~10.0.22000.318" /v "CurrentState"
C:\Windows\System32\find.exe
FIND /I "0x70"
C:\Windows\System32\reg.exe
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-ProfessionalEdition~31bf3856ad364e35~amd64~~10.0.22000.493" /v "CurrentState"
C:\Windows\System32\find.exe
FIND /I "0x70"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ECHO Microsoft-Windows-ProfessionalEdition~31bf3856ad364e35~amd64~~10.0.22000.493
C:\Windows\System32\net.exe
net start sppsvc /y
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start sppsvc /y
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath "C:\Windows\System32\SppExtComObjHook.dll" Force True
C:\Windows\System32\Wbem\WMIC.exe
WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath "C:\Windows\System32\SppExtComObjHook.dll" Force True
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServicePort /t REG_SZ /d "1688"
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v DisableDnsPublishing
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v DisableKeyManagementServiceHostCaching
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f" /f
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2" /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /f /v KeyManagementServicePort /t REG_SZ /d "1688" /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2" /reg:32
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServicePort /t REG_SZ /d "1688" /reg:32
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServiceName /t REG_SZ /d "172.16.0.2"
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f /v KeyManagementServicePort /t REG_SZ /d "1688"
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f" /f
C:\Windows\System32\reg.exe
reg delete "HKU\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath "C:\Windows\System32\SppExtComObjHook.dll" Force True 2>nul
C:\Windows\System32\Wbem\WMIC.exe
WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath "C:\Windows\System32\SppExtComObjHook.dll" Force True
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionId
C:\Windows\System32\reg.exe
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionId
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun /v InstallPath
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\14.0\CVH /f Click2run /k
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\14.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\14.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\findstr.exe
findstr /I /C:"MondoVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProPlusVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectProVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioProVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"StandardVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStdVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStdVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"AccessVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusinessVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OneNoteVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ExcelVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OutlookVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPointVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PublisherVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"WordVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectProXVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStdXVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioProXVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStdXVolume" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"MondoRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProPlusRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectProRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioProRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"StandardRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStdRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStdRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"AccessRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusinessRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OneNoteRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ExcelRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OutlookRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPointRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PublisherRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"WordRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProfessionalRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeBusinessRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeStudentRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365BusinessRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365SmallBusPremRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365HomePremRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365EduCloudRetail" "C:\Windows\Temp\c2rchk.txt"
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\findstr.exe
findstr 2019
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\findstr.exe
findstr 2021
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\System32\findstr.exe
findstr 2024
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msoxmled.exe"
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "Description like '%KMSCLIENT%' AND NOT Name like '%MondoR_KMS_Automation%'" get Name /value
C:\Windows\System32\find.exe
find /i "Office 24" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office 21" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office 19" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office 16" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office 15" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663' AND NOT Name like '%O365%'" get Name /value
C:\Windows\System32\find.exe
find /i "R_Retail" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office 21"
C:\Windows\System32\find.exe
find /i "R_Retail" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office 19"
C:\Windows\System32\find.exe
find /i "R_Retail" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office 16"
C:\Windows\System32\find.exe
find /i "R_Retail" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office 15"
C:\Windows\System32\find.exe
find /i "Office16ProPlusR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16StandardR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16AccessR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16SkypeforBusinessR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16ExcelR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16OutlookR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16PowerPointR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16PublisherR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16WordR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16ProfessionalR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16HomeBusinessR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16HomeStudentR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16ProjectProR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16ProjectStdR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16VisioProR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\find.exe
find /i "Office16VisioStdR" "C:\Windows\Temp\sppchk.txt"
C:\Windows\System32\sc.exe
sc query ClickToRunSvc
C:\Windows\System32\sc.exe
sc query OfficeSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun /v InstallPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\ClickToRun /v InstallPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v InstallPath
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v PackageGUID" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun /v PackageGUID
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v ProductReleaseIds
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs /v ActiveConfiguration" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs /v ActiveConfiguration
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\15.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path" 2>nul
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\WOW6432Node\Microsoft\Office\15.0\Common\InstallRoot /v Path
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path SoftwareLicensingService get Version /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingService get Version /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663' AND LicenseStatus='1' AND PartialProductKey is not NULL" get Description
C:\Windows\System32\findstr.exe
findstr /V /R "^$"
C:\Windows\System32\find.exe
find /i "RETAIL channel" "C:\Windows\Temp\crvRetail.txt"
C:\Windows\System32\find.exe
find /i "RETAIL(MAK) channel" "C:\Windows\Temp\crvRetail.txt"
C:\Windows\System32\find.exe
find /i "TIMEBASED_SUB channel" "C:\Windows\Temp\crvRetail.txt"
C:\Windows\System32\Wbem\WMIC.exe
wmic path SoftwareLicensingProduct where "ApplicationID='0ff1ce15-a989-479d-af46-f275c6370663'" get LicenseFamily
C:\Windows\System32\findstr.exe
findstr /V /R "^$"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProPlus2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectPro2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioPro2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Standard2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStd2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStd2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Access2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusiness2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Excel2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Outlook2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPoint2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Publisher2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Word2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Professional2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeBusiness2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeStudent2021Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProPlus2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectPro2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioPro2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Standard2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStd2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStd2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Access2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusiness2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Excel2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Outlook2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPoint2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Publisher2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Word2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Professional2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeBusiness2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeStudent2019Retail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"MondoRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectProRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioProRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"StandardRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStdRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStdRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"AccessRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusinessRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ExcelRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OutlookRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPointRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PublisherRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"WordRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OneNoteRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProfessionalRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeBusinessRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"HomeStudentRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365ProPlusRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365BusinessRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365SmallBusPremRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365HomePremRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"O365EduCloudRetail" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProPlus2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectPro2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioPro2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Standard2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStd2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStd2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Access2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusiness2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Excel2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Outlook2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPoint2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Publisher2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"Word2019Volume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"MondoVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectProVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioProVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"StandardVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ProjectStdVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"VisioStdVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"AccessVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"SkypeforBusinessVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"ExcelVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OutlookVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PowerPointVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"PublisherVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"WordVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\findstr.exe
findstr /I /C:"OneNoteVolume" "C:\Windows\Temp\crvProductIds.txt"
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\11E8BCBA-6DB6-4575-9BFD-07203ADE41F0\ProPlusRetail.16
C:\Windows\System32\find.exe
find /i "Office16ProPlusVL_KMS_Client" "C:\Windows\Temp\crvVolume.txt"
C:\Windows\System32\reg.exe
reg query HKLM\SOFTWARE\Microsoft\Office\ClickToRun\ProductReleaseIDs\11E8BCBA-6DB6-4575-9BFD-07203ADE41F0\ProPlusVolume.16
C:\Windows\System32\find.exe
find /i "Office16MondoVL_KMS_Client" "C:\Windows\Temp\crvVolume.txt"
C:\Windows\System32\cscript.exe
cscript.exe //NoLogo //B C:\Windows\System32\slmgr.vbs /ilc "C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms"
C:\Windows\System32\cscript.exe
cscript.exe //NoLogo //B C:\Windows\System32\slmgr.vbs /ilc "C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms"
C:\Windows\System32\cscript.exe
cscript.exe //NoLogo //B C:\Windows\System32\slmgr.vbs /ilc "C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms"
C:\Windows\System32\cscript.exe
cscript.exe //NoLogo //B C:\Windows\System32\slmgr.vbs /ilc "C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms"
C:\Windows\System32\cscript.exe
cscript.exe //NoLogo //B C:\Windows\System32\slmgr.vbs /ilc "C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms"
C:\Windows\System32\cscript.exe
cscript.exe //NoLogo //B C:\Windows\System32\slmgr.vbs /ilc "C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms"
C:\Users\Admin\Desktop\soft2.exe
"C:\Users\Admin\Desktop\soft2.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\EGCBAFCFIJJJ" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
Network
Files
\??\pipe\crashpad_3260_MBWLCUWVEMLDUCSP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590361.TMP
| MD5 | 0527712bd73995d97d67f8ce5796a596 |
| SHA1 | 4a66dd4c5ead5f5a9f0ffde5b87160ff8b81bbe2 |
| SHA256 | a3b94745747515cbf8daa9591e5637692f3811dbe225ed473b736d4f3ac58599 |
| SHA512 | 011b41d9c5537c31469bdcfc97baf011f5566adc0fe5e9673d085edafb76486610c6d057dee0e5b8cc276fedf4d06ddf92250dca4b87451e0d5dd882a3ec21c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5eb057df6525285080c733e5c614579e |
| SHA1 | a4e516c9553a8ca3a5e90f7a5357dbe06b9c3a07 |
| SHA256 | f96e3b2b842e1549e081e3b4997cd8439ab3c78e11c091502341b217f867f515 |
| SHA512 | 39c0916c0470d310e5f2420aec7a668fe8fcd0121d125e271f7b2c767a482363a5b3d91ae6cef98508d5ce24143718730c813bc26cfd2041f24da9b85fdfb88e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9d041e2529e4e0d8a478656eaa5f135c |
| SHA1 | f25252088b85aa04917fd6872a8d9e2df5fefceb |
| SHA256 | 4bd9fdaa55a9610197a825c75f8acde1f5bf200e49ecabd91e6ad0039d8a8175 |
| SHA512 | 3c414a46129174a6b18207a4776f42f81645a77825c768da9a38f32ce4509f933756cc339a1935df3f64fed6ba154f899bb02d8b79d4875bb48688281f112e6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3260_93407795\Icons\128.png
| MD5 | 3c32acef7f02a6b39f1225a25f0c5b6f |
| SHA1 | 01d6dab09e215c282e4b938110088edc4ef1aed4 |
| SHA256 | 3049129afe676d733813472acdb588247fbe1a52ea03f5d71780233e0693b33a |
| SHA512 | 69378979b736f6b2a023480d45450b4f4b3c9127cbd0f421cda1dd0e90e4691fbdeac92fe161c3b4e758777909f84658f47eab2cda35dde06e52c5c26423d8c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | f61f0d4d0f968d5bba39a84c76277e1a |
| SHA1 | aa3693ea140eca418b4b2a30f6a68f6f43b4beb2 |
| SHA256 | 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc |
| SHA512 | 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a2a9406b36e8b6446a35dbc85be51170 |
| SHA1 | 57c1d039eb3708d3a0640063f9f7bdb69a1c5b4a |
| SHA256 | 0defcd2110d062392c868ae826b44b1e86aaa69675e41dcf6ec0e7008d91b113 |
| SHA512 | 908dbb6b40d7733d15ce505da9e0b55d8dc3564498a2cfc7b9c60d5eab9b547fc5db77ce46c305e0cb5781f80ef81f11e5b4a5f541959de39a9e7dd1b185aacf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d07a70044082ed672485b9136553fb81 |
| SHA1 | abf85d5e7df17832ce0dc1fc844022587f2dc7ae |
| SHA256 | c2a58c4738960be7a5d27e780a4fcb7b58c98a4b007035c74f1f9dcd9a9ec4fe |
| SHA512 | 7d9bd24f9410d287f11cef727304b1c0f5780821e77c3d7379909f58224a4f95b611c0f8c5ea2c850fcbef8c3f4d419efd02fea2ec03c90a510678e6e5583641 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bbfb66ff6f5e565ac00d12dbb0f4113d |
| SHA1 | 8ee31313329123750487278afb3192d106752f17 |
| SHA256 | 165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754 |
| SHA512 | 8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | 9b3200d5699aa1601910d058a7a1a8d3 |
| SHA1 | 636275e68c561041b895773ca3b100ec859589fb |
| SHA256 | 41290fc0a97073a472e9479a07be79b9473103666fc5f99601c65dc7b631a9a9 |
| SHA512 | eeafac9fd07ce0c3c7e3b28f41519f4e9436b7441ca099aa73740e38bba477df68adbd188404e909c29939b7ebf2214d774afb57a00ba4e89e93b73f34223705 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt~RFe596066.TMP
| MD5 | 88abb7695bcffdcb401a3a2117f1f51d |
| SHA1 | 107407def47f8cc6583d0e1fb53592bce3e039f6 |
| SHA256 | 9b09e227ea94e100a4a9579e4f7adbe37d547404853b9132b46d318b48f7c56b |
| SHA512 | 614fb8f55fb3b4f398bdfeaafa0fd374016e5fc5527bbdf0139f612443f07da6bf3eb20abd135bd383c640f655c47a74b8a79680bcffbdc373536a10bc22015e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9a91b6dd57fc9c4880d34e9e7c6b760f |
| SHA1 | 77a09da6ef4343a8b232386e000cd2d6b9fc30a3 |
| SHA256 | 0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a |
| SHA512 | 9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a006c8e52287def6d6b3195e53764c4d |
| SHA1 | 9a309ef2eae5c5e65fcddd6cd64aaca62b393e05 |
| SHA256 | ac0fb9720f1c35b5001215586bd7e02d95d5f5ff1fb40845d6d0de80612d228b |
| SHA512 | e8c96497ade3fc8445fcd45d961ec9d82ef6215bba0cd0155b55ec58b7206b6e670f5814203d728fbba2587e729e1601cc5c851415b74574ab6cdfbf9ecb2869 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
| MD5 | 8ead65074999bdfac083d5d85accaa44 |
| SHA1 | 6e57d07859e3c581b3e9b444c4bab6a9f7b7c534 |
| SHA256 | 26ad83504bb447f0c36dbd36e30c5d27e53cb2daf1ee108c793900dfe48e5d13 |
| SHA512 | ba66bbee6f862d950f25082f2532bcd24894ca018885ad0b54661d444567196879b8541c4322644b12c98bf6a50a291b7d3981f7b083818aca32f59090aa0259 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | ba7fa21ae525cd76bf5d756de01f296a |
| SHA1 | c60948e4f0a8ddee04e117fbc8a7064f912da0a5 |
| SHA256 | b7f1c4765bf5c3d4bcd2331ff30c41619d7ab6c8d11093edd1573a3356a9d410 |
| SHA512 | 406d3b407b95192ef101b38417cc155568aefc5f0c87c003d71ede940d81f5ad987a999947095354a68f9bebc15cdaf6075b8afe335a4c763c98bc46c7cbf45a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | c3ed876475dbb933dc44e3f36577a9d7 |
| SHA1 | 3572aabe3ab17fedc5713f76145caeb5d3030666 |
| SHA256 | a08cc2cb4026b4c52bc6cffbc38f7710915795bb3d2be8aa579f494c900cdbb2 |
| SHA512 | 5ffd5489c3d816a958d477342da00bbe0683049d6d68b5f87d09753d84de555dc16f6f0f61fdb7af09089506521c2a420ed9901751e327b7cb46ab4565aa89f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 56ce3bdf5b46e0d6340c00576e44b0c0 |
| SHA1 | 31620997c740c048f3abb5e66726685590fd230a |
| SHA256 | 66ce30f5f7f6aebddb9cf776aed1ac753988cad1bfe1e9cf5c049efb7f8189e4 |
| SHA512 | 254f8c9405acb57c425cb80deab6c88260ce4cb9b679007d53b44977d2b252d4b963bebb7e29e82149372ebc3b51556ac5815412534566e3dac568bbfce7fa8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3132f5b9cc5aaf8de7d71e6a33c2baea |
| SHA1 | 4c795cdc5700a5851b6a9e16a269d2b3b7945069 |
| SHA256 | 6b17756edfe561f549d700cdfcde3986ac9343dcd34ee6b628074e37dba146ce |
| SHA512 | 99ee886b841c2e44520103003bae99de5e5436ccc80db2ec044bce77df237cd3a34b7d45e3b358e468d32bf86342089cef353212303500448d9cd46428971d4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6e2743c088990ac45e5096eddb6a827c |
| SHA1 | 6500e910f953598c45f936ae2689c3d661fe1355 |
| SHA256 | 95a01a4f21d0471f90570b53f3c7cbb15baef695ed7036fd57ac17096ef18234 |
| SHA512 | 6654dfeb05c02240cdb6a3aca3b06d7d52cb67a30e5a9dbf2d4f30490d1298ad56b75055f3982fc279f00ca613c2c619877c85d5fb5a7655cf83b626c25736d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 37aae58bedde7aef1e333adea66b603f |
| SHA1 | 203febad2df141d863d5d17a02d1292f9d3fded6 |
| SHA256 | 9ad7c1b64dad5cf63b651451be5ac1ac7c96870b91d204dfd6182fe01dcba9d6 |
| SHA512 | 54a13169ced271d90e94d21b896533f9eeeb302f8b215cd310586a01dd04721d7819896399565321c3e33ee37f233ccab7184c9f55bb78767c8d75a8296216fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 30a265ffec71fdf4595f2534b85cd91a |
| SHA1 | 1b81ebd7ced5f0c7c4e0e62efb101c636626159e |
| SHA256 | 3f848a86796ef9a9d21784c8460a17349f43737d5bbb3116853bf5155b9f132d |
| SHA512 | 1683f65f14bbf08635ba3032c4966d6368fe3e4c5af42a9a63b6b0c5b4011b724c3cbf0cffd394f5510533e3622b1299adc0898eab27199219fb1bc7dbf5648e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | fe03fb80b30be23c989d42d48c577b3c |
| SHA1 | c618cb6a76fb3e04b73e02d413d79c955b4ad03c |
| SHA256 | 87e05cec4b87714dedd37882b587bc501f1736e33838eea01632324599ce329b |
| SHA512 | 64a1af4ca0a83b37c714fdf4d2ebbd00757043d447c204c170e3015e5c2c1bf4b85924192c189ca12dab706f039edda7653e4a64360990a00e431f6bafaa54ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9623ef47-2666-4951-a6b0-b2f5c63fe808\index-dir\the-real-index
| MD5 | 1e034266d2c8ef0b0445189535d77b09 |
| SHA1 | 0a414154970ad79f28d5c2e8149eec7862b29616 |
| SHA256 | 063f048955dcb42c357c9e5a5c4f0bbc15251fe2c2e5c5dd0950441cc6bbdba4 |
| SHA512 | 7c96428f0b225ffda82986a7dde108c3ae7b9e91e48671cc25e072f73f48562a682479ecdbf51746145a93146661dfde75d4b92aefe836daf86cab07e0781b17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\9623ef47-2666-4951-a6b0-b2f5c63fe808\index-dir\the-real-index~RFe59ae28.TMP
| MD5 | 06cf54bf2d04076122cef71a84099300 |
| SHA1 | 64e111735871ee470f282ab2459963adfdaa3539 |
| SHA256 | 3cf361d24a4414fc75cc9b3639a0a7927016ce8f5576d39350bc92b61a250c28 |
| SHA512 | 8a7aaefeb6380eb8e9205b005ec8918612ecb57fc1848fc594c2b8bd7492cef4dc5f0421d9fdb2df9b85a6b46c004e8e82befbf0a2acc56c90efaf1a98776873 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\27b70f2d-721d-42bf-88fc-a9bbb467315f\index-dir\the-real-index~RFe59b23f.TMP
| MD5 | 754236fba31203ee67625fa764a69fac |
| SHA1 | fe10ad8329e45cc4b77477cb0876fca8713e3675 |
| SHA256 | 1b6335817e65cdd0dac06f026adfb787102241d72f855c8cb6fa5eb77712255a |
| SHA512 | 3ac0cb0bea33e1495bfb300ece567a48ba74f1733f254778a2e656f3f304eba186f51d0d51b7c4d8ed775db4d90a5ab8856b6fd9c1f58a266de09700d0242205 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\27b70f2d-721d-42bf-88fc-a9bbb467315f\index-dir\the-real-index
| MD5 | 6604c44bcf9fc2fea5075ad76786912a |
| SHA1 | 72a86f4d24bb9b0beeebe787f6cd256ad5f02691 |
| SHA256 | 9714cecdbd5d2ab312b3c5f1c7d5ff480fb82caf78b8416e653d7cd5ea5de6a0 |
| SHA512 | e1cc4a28259d4d57d688dfe894a4d58d2fde262829cabc6697cdc06a62660471db035eb18ac80d54cff5f77667bf014f1a5466cb317e6d3d85cb2f718efbc7f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\01275208-7702-44b6-b25d-6c30d718e8bf\index-dir\the-real-index
| MD5 | 536dbef645b2be4ea61c0f262069ff58 |
| SHA1 | d0d999033a250497ef06e9df69ee8cd87ad86a0e |
| SHA256 | c5476ffdc6735eaae7c23f2ff5834419223e9fe295457410312f7448d0a5522b |
| SHA512 | f2bda91d8c60108ff3bdc178c83dffde7fd20cd0f30e00d5ecb18b5116d70cb5f71077cac8295a4bb0d6722e61ae8ab08a2f0fd38e66ec8d87d59d4f1364d5c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\01275208-7702-44b6-b25d-6c30d718e8bf\index-dir\the-real-index~RFe59b24f.TMP
| MD5 | 18a00fa14904fc3c63787d5c57601ebd |
| SHA1 | e167059c1ee4213034cff80ff667eec4d75df2a3 |
| SHA256 | 099f8d0ae2c61ddd94e72166c5e37393014880b0c6dc73b29575d3fb7d3eea1a |
| SHA512 | 72d5c0d26233a84f6520e54e4655b2d7cda4591197d81a762fe04d9fd0e1b1e2cccf91c422377325fbd138035b366054c41e3f6a8dceb4de3e131fcfea05ee07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8571f0d880087ce7898e63e008e35704 |
| SHA1 | e5f745ada1627a02df0c90233b0a0344bf0ee2f8 |
| SHA256 | 329b354b3ecc7749e9e80d50c1962db996518589fe6184000def79f3c5d3958e |
| SHA512 | d513d2f4760064af2c4fb5465d8e2607944f9330c23a81ee9dafd8862cfc79fdf7b306b3240fe05270e8d394847e06b0a54ed35ff46a6917dfc3f92d18cb00b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 844822756e3171131f74d0ab8bd8e9a6 |
| SHA1 | fbd433834f576b75a604803cb9c5a1626eba28ae |
| SHA256 | 3f437cb20011eaacf54dea56b527fcfd34c2330553ff36a41233c08204c2dfb6 |
| SHA512 | 48799b9af6716b1b8c532014dd39472defce05bfc9a85962a60b2d27bd969952648a3b03615c0f460e372b022fb1fe84dcc6764cfb879d2f0dd29ae09dbb3985 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba86fefdc2689987a6d6612f940d1db8 |
| SHA1 | 2e537564035abf55d2dba2a832b4028fd9736c3e |
| SHA256 | 4749a26661519555df77fb943e8329b9f969fed10f81904585abd37f4540787c |
| SHA512 | fbba618f38098114843c563c49b609bb2b1b09f9f7e0bc86fec62973f42728aa8b62eb2e80688d320c10896a93de0d434c3771b8858bc17fd08af7849b094db6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | aa12ea792026e66caab5841d4d0b9bab |
| SHA1 | 47beeba1239050999e8c98ded40f02ce82a78d3f |
| SHA256 | 65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1 |
| SHA512 | 0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c15fba593bdc5e158bed7674880f43b9 |
| SHA1 | 5907223a453d30c10f8174549103e3d9175e6db3 |
| SHA256 | 09a21d12c6155d1f78f0b0b267d596b6cd7c5c777a2e92c047dc224b427775d8 |
| SHA512 | 919ede61557556ec0088bccf90002a8246d8fc5d6ca6c4c5661894045ae383cc326e613783b7f006c67d34750b6d85464588e5db9466344e9ded28d3dc80ff35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59d5c5.TMP
| MD5 | d0d62d971eacb917e4cf521a4b6498b8 |
| SHA1 | 999e7508bbc86ac4330de46c439d2da9db6b9a66 |
| SHA256 | f7d5129a89b4fc63b89abb050b9ef38236e91ec093edb9396f487afc4ce828d6 |
| SHA512 | d4a195a9f655ebc1f70cf27350ddf373b199c53962d8c9c73978bb728130ed0f1ece96b731dea425b69b1793becb91b7d44a5190e4154bc59a408fad7f6af4ec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 8ad1331e3d1c11cc2ae6983910cb44f4 |
| SHA1 | 15e51d4854cd2d693140f3f42a252f480fce3013 |
| SHA256 | b8f693294aaec769f96a48c4ce6c78a311e5dffb51b6a8606925d045d509b85a |
| SHA512 | ec36b5ca00d377f1ff6e1963e18fd92418780fe1654571245eb509f2f3030ccaf46f42ca69601f0ae68055e4669e015972df134d68994f9c0dd0401966ef2b1a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 3921401d7a62c6a89de76d8be2a68782 |
| SHA1 | fe480c747d14d4cbf6371696eb2e0b164458a635 |
| SHA256 | 8b5bb4206c25edebe00a86752d8a6c6a6d466c5aa65dd948e7a1a650d0181f0b |
| SHA512 | 21990d6dcbe5f0ff01a405bf81cab701dc3a4d2cef5b3c6b7ed605e4274ee5615047103ea894417cb97473435cd94ae4fc87e0c699af7b2fb04aa42eb690b3a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | a52fc2e39001aa4ae74c3f8e6501ad51 |
| SHA1 | 68c5cc872b5c873b85b472ee81f61812d5adaa0b |
| SHA256 | 8ff6f8494a64f2af01e5c03460d13c3fd50318acc003282f994d43fc17d6052b |
| SHA512 | dfbe8646a6db853a68a7e1ecb13c603d246c5086f4b2ab15c052ec081a38e2c0265f1cb113b3329f4ae42771c3300db39f60484f651b472d809fa96a24b1046b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 43a1eaaf2fb036dcfdea1c3932d580a7 |
| SHA1 | c0f3c83c0ff9e2e52600311dcf676997579bdf21 |
| SHA256 | bee9272b62d9abc7fa2356035fb90c7e38d88bd19d32c96de122aa210fc2dcc0 |
| SHA512 | dcd91e2801e575c07ebf33df3cbbb846fd449cc5465ec21531699de113b60c7ea9cb00c606596af04e8a1c7e4a43389abdcac862f422b331dfb80701288c7123 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
| MD5 | b1a69383fd80d35b8fff35637bdaba45 |
| SHA1 | 5342268f0975675d78d04cb1d3cb90abaf101072 |
| SHA256 | 3dfce3df90565c399311ccfdcd95b77a00673f2f7f78f8a47c395e54e59efdb4 |
| SHA512 | e5ed0ef6e709a5afd67150a45fdb4b78f1b23953f0e424312be1a322a2188b6d9048f7e751fa02720e575063488cd0f7ac334de0b2ba9a30e5d9badb73c00cc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
| MD5 | 8640aec1dc03e5ad871e7bd680eab474 |
| SHA1 | dbeb4254f8c45f6bde16513e4f68ccb089791800 |
| SHA256 | 728f1aa852f388d6575382e93765142c2c611d380e497a602b2f465596843afa |
| SHA512 | d65d350a733a602fe8dbab01ee25b631291d0fd480156d1392082c8e1fcbda66657ad9f502fadb10ebe6e3649c31d3dbaf8151be3a22f4233da5a1b10902d077 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\5CF3037BE5AA48577562F09E99F134C7A95B89F0
| MD5 | 9bc6ecd3b6bf11646ac8bb9ca24b976c |
| SHA1 | a47e2ed3394d2df09176dfae0240e228079a50e4 |
| SHA256 | 8240293fc6225878acaac8a54caa7405bd2c2d2f5c2fc5a3ecfdeec8f80d8b5c |
| SHA512 | fa3407f9ac7983d506ddf9c60b0e554b78fa086f8f432268ad06b9d565d554e50cb2e6e4348ed6da23d2120b882330fed447102838404ff3e3ad2a253e830c58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd6ae827deca612087cf3a42307b4d52 |
| SHA1 | 536eafe296ad4aa637f9386ba4b77b586c1ada84 |
| SHA256 | 0bb2f455f321b61fa8476cd4e064e36ffdc31395a415c7c6d268245b1e46df5c |
| SHA512 | b9db663292195a4c6328c69bf60ef832091c071e7a09964e56cd5c606535a2611aa218ac893f48256341c2157a47b2093a65625d1da7de9773debf92d0d2627f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 172d3277db5b10dea150ad83c63411bf |
| SHA1 | 706b515e74993e48d383b30a15774912922f9f32 |
| SHA256 | 7dd14ea91c5d8deec04adabff15b0241c0546db9b89351efac868ae9f47b7b67 |
| SHA512 | b7a0a9b3a9461b83a50fd4f15028bd02f7bd830552af313764986a035149e95e520a9efb85dd2f4c1699cf10ca316f17c162dd85b24a30d1cc095d33055b788e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b8b102b3c377d01bc1004a6a44f4fe39 |
| SHA1 | 360025d13c04808ad54323725384691679b9ec4d |
| SHA256 | 51a4148bb8bd1458d237e188bb6af93728ad3dd7d6373ad8e636bff46e683339 |
| SHA512 | 05f51102edc2f2d6490854ca13ea902a04bddc13a13418443167124d566f1dec9c5d347973da4dff3602b1dfcc8934f098ae50a8c5f3bcc42d62fe77ff168663 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | 7f28612634a98b9d41392362e93882f5 |
| SHA1 | 8e5e2041a4f621d4f38abab5917f4b745ddac48b |
| SHA256 | cd3c4c84d96f964f268264b6bbd47a0bc166c3eeabec605b2a4c5be5fa4130d0 |
| SHA512 | 2c1b58d1cd5dab27d0c0003fc8dabbe511c2169190f6c4266cafaf11d773352601d9f3fe82f2eb096c3dc86c50d265e103f8cc9d457714d81eb8dcee76101d07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | 1f3228f37f2c99027dee25b68d0b3510 |
| SHA1 | 762af04c2dd591f6ade0261f6c3deb432d1d5764 |
| SHA256 | 9a62b858128ad9e6e3457a9f03f014268e84bd11e8b677b77befce64c24fb2a5 |
| SHA512 | 125c3c03b094241111ac1be1c18dadf064a0f1a671240026a6b15457a24b8f8d926faa9be63b7ee1549fc47a1e5297659d229596ac57e22171b363c307a16935 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | 0835aa4e85255fccb2f21e6092c846cf |
| SHA1 | dde7da913e0f44cf2c83440cdcd1d37842766cdb |
| SHA256 | 99186026891ffeed059cb0a19026471f8399e004999188105a8c2af581877427 |
| SHA512 | 926e9232ccc2695d254eda40606463bf0dd73a20553311789bc65027ed60a6d430836ec3c88122f582ffedef29afb557acc9b29d239171f7baef80d3352e7e10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | 5b0a8f0a77d1f9e03d5691a3e2079974 |
| SHA1 | 8005fa30d4fc3d90c6154a00eaadc3bffc933462 |
| SHA256 | 3581702d6013ada1c992ffc785bcba1383d075f8afeff887480097d11bd80996 |
| SHA512 | 2094e0747ea57e3f3eb45300d84b6a508ec4ef1ef33a26491c72c8a104b17faa2028e01e92e6e34e402f762f4556c9494f98538d13f04ab50a114bf4223424dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 8ad37190687e1568ebe25868df560af3 |
| SHA1 | fbfa5240e3cd7377a74d8ea4567a4537668ce795 |
| SHA256 | 439b0ac6e7d737a421cb4ea7cecfd0d4ee269306427a0bc2963c7009cdd2b0cb |
| SHA512 | c23638576f603bc8cd44bff379baa0280ecfd553cff352cd1d6110b3512f894e0a54aa736573f7c70c3118f4c7f7428f09ecd7cdd180df27248fc1af767b68c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | f8dd9811f8d3ee0e40adc2c8a79b6ca9 |
| SHA1 | 20ca370ab9c1191b97d2505f6d700d00a7afe883 |
| SHA256 | 68a34924aa4c8d46ba9626d25d909af07b89e8613b6a313ec024325fc2b5a9a3 |
| SHA512 | 071f115cad2f1340bf4b1d9a19a2e6c2debc6498de864615e3d2287ef29fce889de8c3093395f25cd1ed1ac6a002dbf314d3cc62e873b6f63e0dcabc1230ab20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | be84d1f3762810096d45f2978cebe4d8 |
| SHA1 | e97d2815756666a6ee8e2072aac3a52b7a445dd2 |
| SHA256 | 56119b835ad1c5f51881a685b8d941dbadf7e471fef9253bdbd18e042e0554fa |
| SHA512 | 2b458add582ca13050c2eb66ca2884158956dab854611d7808a54edac7e4421db9998e3dd8c1648054e380b559d568f9e6250416e3bd7bdf310aa3d880cb348a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs-1.js
| MD5 | c09c295bf7d0983c13f6118dc5796b93 |
| SHA1 | fafb15d802073a30f45d4b59c64f26e685529f85 |
| SHA256 | b1522ebf3ff5230a033c571fa2cf324002bb68fd4fb750860134d2bacde9bc90 |
| SHA512 | 350205e9232696893d8ae24320d960420994634b786b315e613427fd1b98c59897e0b75c26504b1c2e141a6b30cb524805444996162448c6bd59cdf260c1a3f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\99d4307d-80f2-4631-8f62-643cbf102eae\index-dir\the-real-index~RFe5a1f80.TMP
| MD5 | 05c9f930b8579161fb2accfeabb55f65 |
| SHA1 | cde5ff8e97399143b19412d122612c9cba94d5cb |
| SHA256 | caebd2868b4a13260ea37bd84348955f6cf1a08046ca2f25ee81167e7d87c24c |
| SHA512 | 7aeee345d938134cc0b88077c4cd4335189ee7f9144a04dfe1d61c836b8e58f2a18995b92eab3e3c2995ec5efbc0981cac6948fdaed00328b2b590063569ddf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\99d4307d-80f2-4631-8f62-643cbf102eae\index-dir\the-real-index
| MD5 | 393e55bbbc056020526d54c3097bc88f |
| SHA1 | e065cca2854df99d7df0281c2afcb000129fb64f |
| SHA256 | 4285102c582f8903bd028cc7dec35ee815507482b2ebc232c5e50f2a42ec19ed |
| SHA512 | f0c7a93bc894f954165e70559e1f6ee2f107d666aec46843e57d4effb4ac64110e15ace38fc1fd3bb9da9cdfeae363ff3c57d6050232359488f5cd1e67f51535 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
| MD5 | 1181299811748e634573a67fe07b606d |
| SHA1 | 2bd6ac6a542d07f8ddc720d9dc3789d29dabfe8d |
| SHA256 | cd5775891bde2e5f9b1a7134745cfbbe1ddee0841e39c809684e967c84b8e570 |
| SHA512 | b27cef1c2d963e43629ca9933b0e07ba187ea08966120573671ef910a79f60538e1e6d2b1ac3918e191206333e06aecdd38564fd2c50a2eba26bf1997d2d2bef |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\logins-backup.json
| MD5 | 81f65c6702f6310c29bc686d98f203de |
| SHA1 | ecd2b4eca88d6ca199498bf63b386cfdb536861d |
| SHA256 | ddd407a304b8ff1b0aafa0107d683be6bcd623c82537e378230ec08bbc6a7f50 |
| SHA512 | e6f4b965f394917f124b43c20c540129b93855513de22ee2f67b2b6e81ffa96896f9fe9f30f0a2dbe72dc358ca393f216be6afdcacd8fa16284fb28656924aa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be0bf63995aab8f6c2fa57b7e1bd1dcf |
| SHA1 | c9c090f98dce3b472143f4f8c57c14c0227d5f69 |
| SHA256 | 7e5b861c3fcc59fed3a2d75e6d67c188cb5673ae03c694270436cbc946a0cef8 |
| SHA512 | 1e69261327a2f9968fd376ca44e5b110a3d2c0dd4c56c9d75978fc1714eebbe7fc61c86752d7a5328a89da5392e05f8d18ec195624e8f7e2c9fae09ecf951bdb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\12609
| MD5 | 9a43e25f89c94f148cc3f72430fa5192 |
| SHA1 | f3dcde673419e4a42f6387b7dc804a6cbe0b5ff0 |
| SHA256 | 568629ab5f57e016d2f147a8e25ecb446d02cb17fbab31100186ad8c5fcbebf0 |
| SHA512 | 5cbc98a1231ca031095d03afa77b41cbf671ae18743fa47686f2a7e19767b5a3b8c8641d97ab246c8ee573b9f235f44cc25450e0567b5cee31a826532ffd9330 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\EFA253839C92B4E6B89DF46F3D40619EE7E147A5
| MD5 | 71de7c300a7a58e1a66113583ed7f860 |
| SHA1 | 7a91b2fe667483a52d0fbc0499fddd6498fe3da8 |
| SHA256 | b2628adc5bbe8dfd9ec0ae82ef59ef9c06a56c74b908edb9a7d23831a228adfe |
| SHA512 | 12c82adb96f7c25852de3f222cbe7c9d97057341640bb55f62ec708f1e5745a2631c4d4961716cd2ddb9bd01fdfb0bab8a38a8b1c2dcc90b3a7a957d7bfbe319 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\90D5A15C4B68DB8314DD93B75C0A08F5BE413DB5
| MD5 | cc8fd92631ee3184a0652e0d6fd29719 |
| SHA1 | 5c266ce5e848a083db778c59853842ffec496fbe |
| SHA256 | 0a7ca91b5d4a9fcb13eb583a30ff3790d869529c8ec15621df32d8915849a363 |
| SHA512 | 8155bca029ce9c961556a46d6e1101576b941b0c3892d789d79b15c62492667af40ed90ff610784ea1968d1869e2913d0200dc5656660fa1587ada16a553fa41 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\69968F5B9FA18811D808EEB8B6A8F60831531C22
| MD5 | e31dbbcbb7df63bc31c2b6820dbe05e2 |
| SHA1 | 7ff187ea40c5beec9f7b88fd717b21b383b22801 |
| SHA256 | 46de18927ee1794558a55629b330a6f88318351873f5d2dbc47a8e8f8514762e |
| SHA512 | 6c48692836c28c7f6abe1774a0bed6f4e47620dca3879113b5538a75231d0c6ddf958d87b02a3b7d711d8addf8684dc1de6b0c32fb3e77a35e9f6549ef053258 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\logins-backup.json
| MD5 | 7d1011cf291244fdd6513157dca78471 |
| SHA1 | f9b72d4e2e016545accfc2c830c71f93bc0099c6 |
| SHA256 | 5ac4203a0432b33e3feca307d2ff66a2c95ac7ed58f1d8259012bfb48b4d0568 |
| SHA512 | 0989c7a47906ba66b440122a8edd945b96d5b2ffd7ce588a9db7a2322863409967d736fdf7e848642ef8afbf44dc52bff6320f472a3bdce0978e4bb87472c9f3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\B6706EC1ABBF853357D44FADB559F81365FEB121
| MD5 | 80ef3710dc508fa4ac2a5fc51699f35e |
| SHA1 | 829a0078d6721708a343c57565115cd65be6d7c7 |
| SHA256 | 10427f95a07a53734c5b58f807eee36b45f472f78c14e33529e8adca3f950ca9 |
| SHA512 | 63712e4da14c10c856c13b48d312b1fa4ca120591a7d0aa6acd57e47e39f74f4db6f8e1be1b16bb9e4def4693eebb5a63e3fb4e51f3222a2d28d2324bd3b725e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\1C95F1850B98D09EC14634AE0FEE750C102657A5
| MD5 | a156ca880baab9217832d1be5b171721 |
| SHA1 | fa479ccb33c5e6dc20d96da9ad5d61d55c66cec2 |
| SHA256 | 5cb36e1c3ff09495b1633c5d87c05a7926223d811ee6382e06d5b2254a1d2748 |
| SHA512 | 9a3848e5ef1afbd5f47eb3a950b39e32e4102e195ecfcb9a4c44205c5393231dfb4962789d354ab757f8eb9f97654acb2fd8003fe97b29b4a7f2a7317a3bbbe8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\7C119CFDECD4F6D792191B298C0D764DE8BA5A1A
| MD5 | d200fe28d475995377a5bca1d93a9471 |
| SHA1 | 09362bbeda3cc17fac1e59294b5740f9a6aaacb4 |
| SHA256 | 80e4aa67fc5745f5582dc12d086840365fa707f64f9529e2ae403eb91e66c964 |
| SHA512 | ef1438912b59e25dcdb299a882e519ceff7e1e4a5a7aeb88b58e4509852ab8860060d9f7f6e593b02d3b715a3f998099e067a8bfe8fc76e00df7a4a560325b06 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | af013b8b4d9386dcfc005d7ffffbe79d |
| SHA1 | 2246826682f72e55907bd8ff5cf5847bbf811df0 |
| SHA256 | 11542d6c1ed31facc3b692d790682c3a037e310a949ca158b5ed30e1e575013f |
| SHA512 | 0160c85cc532e9e78d3c88ed92ec34cbb3e8a2ab46bd64114a475056722c6f5d9de36d00bd849ad1d2287843745eeb229c2db0a48f52eeb3c4747f14a6c08775 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\48188D73664208C1B415DBE89EE64B9A94511272
| MD5 | 9519db45804582339225792a53b34b88 |
| SHA1 | 2fd8c5a0bf84f88640ea1b2e2c8412a12bb428de |
| SHA256 | 47347e1f23abd0fcee2bdfb0c34ee3456bc1b707d8e9a472b8be324cbbf9f09d |
| SHA512 | 6a71250200239fc3d52bb7b907b712389cbb57f889f9739ac793edc0b153761bc2fc16a13c959e65f1cc3b149fbd9f636ff2b3873568b82c4082592b57348091 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\3D23BCFDC1C6F4FB3F5CBA9F576705E61E0E2D71
| MD5 | b421e277de138ccd43fa02a4d9c4f7f1 |
| SHA1 | eb7ed35a12565e9b836a3a8c8753db9df90a5722 |
| SHA256 | 9345884fa0d9a7f7b3d603c1ecf2c89a02335ddb33916aaef15aeca9ac0c5371 |
| SHA512 | 6f4f3c10d46218292aab3198b4c0fd7fd18591e4d23e297faef730b35b0e61e9235ec68ff071e115f7d7a06963024492a3eb7ce1637ee968e903974645d9a90a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\0E1A7E00D8B9E092B2502FA3F15E22C6BE1931B5
| MD5 | 41554b8d8fc8d5d8f90113978ab9bfac |
| SHA1 | 219c2c13ce13e48c25b9f38ecb309fa9fcff4813 |
| SHA256 | 79b729047e857ca6433796cf3c68169e90a332308884961b5cbdabd90ab8f62b |
| SHA512 | 4fc72049d2742ce4af3e4658036271f44027a0c3663dea3d5949bfb778823404cc60d38b2dc0f308395df0210b3b34ea0d9966bfbb6ca837e063c79379a7b7e1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\00D7808406F7DEB2390B1E5DC83C58E065EAFE1C
| MD5 | 2cd221e82e2779d65c07ef65c16d4656 |
| SHA1 | 09970819cb0b8c6ac8e0b0712a47acc3ee7a5910 |
| SHA256 | a663e01d9e5f208ad88c363bfbafc948775f4512f7f5a58256fad6b8bb13654a |
| SHA512 | 70d9f7607bc0972401c050703952be693c3e6bb214bfdf6bdfe65b2ad0686fa243e57bbbbd20eade14aa0f3a211809b62bf0cab59cc718ef5f78d61515735616 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\1581ECEEE3531F5D51254548843BBE5B58B61E22
| MD5 | 6897834f0e5a42ee00662d967a1e6251 |
| SHA1 | 072226986dd67fabc7f691a2117190b8d7963e52 |
| SHA256 | 69512af6a9eb78c4ea5e773381a1bb4cadcce0c0ffc5a33636def440e0afd9a9 |
| SHA512 | 03b9bab0386530ddfa788c1f012b3f052b00d1ca2669fb456980927737e924a8f73e33c74b31cd1feefc9863f705891a9b3e89a88a948b40499fe55bc862b985 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\D6822E5A3DB898549C64DFADD0C83DB1BBF74163
| MD5 | 5dc59bfaf9e41c6365e523c9f1294700 |
| SHA1 | c1173751dcb2cfe2c901e782f808793944561481 |
| SHA256 | 7f73dcbefde4c9499feb940ab9acb96a6e14b394500effa71777e15b270e1cdc |
| SHA512 | 922cc3aa3242624b506978d5be3ca386a0b30f78de634c19b180e29793e3ba562bfdd5d248a8ba6b58a4a17f981f19d5d1eac4e8761b3991143b83454ba888d0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\9D0F8E6F1160766EC5FBF0E99526414896F87B61
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\D7542E6F6CF1A6C5AB9E3DD2895BAEBF3C428B41
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\9101746EA8258A5B97B04A344FC767B0D7D65A64
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\262A150D9CA278261649E7B55481ECE59BE2088C
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\74C45E51B2BA3D331FD69606B08D3B38F612C7A0
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a4f4a.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\ae80a90a-ba22-4757-996a-5d9fb3f40c8b\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\789c5260-89d1-4612-b6f1-1f6f85366637.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\abb3a604-b096-4fab-8be0-515714f57bae\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\abb3a604-b096-4fab-8be0-515714f57bae\index-dir\the-real-index~RFe5a510f.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\205af6d3-8c66-4010-9994-35707b3e04d8\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\205af6d3-8c66-4010-9994-35707b3e04d8\index-dir\the-real-index~RFe5a510f.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\ae80a90a-ba22-4757-996a-5d9fb3f40c8b\index-dir\the-real-index~RFe5a510f.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\7c328510-fb9a-4381-8998-618a1e60e153\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\7c328510-fb9a-4381-8998-618a1e60e153\index-dir\the-real-index~RFe5a510f.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\sihost.exe
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kvyzgz5w.j2t.ps1
C:\Users\Admin\Desktop\5488134.cmd
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Windows\Temp\c2rchk.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs.js
C:\Users\Admin\Desktop\5928445.cmd
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Windows\Temp\sppchk.txt
C:\Windows\Temp\crvRetail.txt
C:\Windows\Temp\crvVolume.txt
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\44366e77-4bec-43b7-9430-d5caaf925ca3.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity